Apple Starts Investigation as 'MAC Defender' Trojan Gains Traction

  Mac security icon - Finder lock
Discovered and detailed by a Mac security firm earlier this month, a trojan targeting Macs is now officially on Apple’s to-do list.

Discovered and detailed by a Mac security firm earlier this month, a trojan targeting Macs is now officially on Apple’s to-do list.

A leaked internal document from Apple shows that issues caused by fake antivirus software “MAC Defender” are now a priority on the company’s agenda.

The memo is titled “About ‘Mac Defender’ Malware, and states: “Apple Internal Use Only - Issue/Investigation In Progress - Confidential Information - Do Not Disclose Externally.”

“Customers may call AppleCare to report an issue with malware (trojan) software known as Mac Defender or Mac Security, or because they are concerned their Mac could become infected,” the document reads, according to a leaked screenshot published by ZDnet.

“The name may vary as new variants are released onto the Internet. This malware is installed from malicious websites,” the notice reads.

Concerned customers calling to report that they’ve not installed the app but did see the installer on their screen are to be guided through removing the malicious software before it’s too late.

“If the customer has not yet installed the software and are calling about it because the installer appeared on their screen, suggest they quit the installer and delete the software immediately (it should be located in the customer’s Downloads folder or their preferred download location),” the company tells Support representatives.

However, in case the malware has been installed, Apple outlines an altogether different standard procedure.

In accordance with yesterday’s reports on the subject, AppleCare reps are instructed to take no action, such as providing advice for removing the program or others like it, as the issue is under investigation for now.

“AppleCare does not provide support for removal of the malware,” the same internal document reads. “You should not confirm or deny whether the customer’s Mac is infected or not.”

Instead, AppleCare reps are being told to direct concerned customers to locations where they can download and install specialized software that can eradicate the threat - antivirus programs.

"Explain that Apple does not make recommendations for specific software to assist in removing malware," the document states. "The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options."

2 Comments